Skills
skills/lum1104/understand-anything/understand-knowledge/Gen Agent Trust Hub

understand-knowledge

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The merge-knowledge-graph.py script executes git rev-parse HEAD using subprocess.run to include version information in the output graph. This command is static and safe as it does not include unsanitized user inputs.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external markdown content via subagents.\n
  • Ingestion points: The parse-knowledge-base.py script (line 330) reads content from any .md file in the provided target directory.\n
  • Boundary markers: No explicit delimiters or instructions are provided in the SKILL.md Phase 3 instructions to isolate article content when passed to the article-analyzer subagents.\n
  • Capability inventory: The skill environment permits file system operations and execution of local Python scripts for data processing.\n
  • Sanitization: The scripts use standard regex and JSON parsing to extract structural data but do not sanitize the text content passed to the LLM-based subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 10:34 PM